AMENDMENTS TO CLAIMS 



1. (currently amended): A method for updating a protected partition within a hard drive of a computing system, wherein said method comprises:

starting execution of an initialization program in a processor within said computing system in response to turning on electrical power within said computing system;

determining whether an update partition file is stored in non-volatile storage within said computing system for subsequently updating said protected partition;

after determining that said update partition file is stored within said computing system for updating said protected partition, comparing information stored in said protected partition with information within said update partition file;

when a matching portion of said information stored in said protected partition is found to be similar to a portion of said information stored within said update partition file, overwriting said matching portion with said portion of said information stored in said protected partition if space around said matching portion is sufficient;

when a matching portion of said information stored in said protected partition is not found to be similar to a portion of said information stored within said update partition file, writing said portion of said information stored within said update partition file to appended append to said information stored in said protected partition if space within said protected partition is sufficient; and

locking said protected partition to prevent further modification of information stored within said protected partition.

2. (previously presented): The method of claim 1, wherein

a flag bit is set in non-volatile storage within said computing system when said update partition file is stored at a predetermined location in non-volatile storage within said computing system, and

determining whether said update partition is stored within said computing system for updating said protected partition is performed by determining whether said flag bit is set.

3. (original): The method of claim 1, wherein

said method additionally comprises, after determining that said update partition file is stored within said computing system for updating said protected partition, verifying whether said update partition file has been generated by a trusted server system, and

said portion of said update partition is written to said protected partition only following verification that said update partition file has been generated by a trusted server system.



4. (original): The method of claim 3, wherein verification that said update 
partition file has been generated by said trusted server system includes: 

forming a first message digest by applying a hash algorithm to a portion 
of said update partition file; 

forming a second message digest by decrypting a digital signature within
said update partition file using a public key of said trusted server system; and

determining that said first and second message digests are identical. 



5. (currently amended): The method of claim 3, wherein

a setup password is stored in non-volatile storage within said computing system and within a database accessed by said trusted server system when a configuration of the computing system is set,

verifying that said update partition file has been generated by said trusted server system includes signing an encrypted portion of said update partition file with a public key of said trusted server system, and

said encrypted portion of said update partition file has been prepared by signing, with a private key of said trusted server system, a result of the application of an algorithm to data including a version of said setup password accessed by said trusted server system.

6. (original): The method of claim 5, wherein

said data includes said version of said setup password appended to a portion of said update partition file,

said algorithm is a hash algorithm generating a message digest, and

verifying that said update partition file has been generated by said trusted server system includes applying said hash algorithm to said setup password stored within said computing system appended to a portion of said update partition file to generate a first version of a message digest and comparing said first version of said message digest with a second version of said message digest obtained by signing said encrypted portion of said update partition file.

7. (previously presented): The method of claim 1, wherein

said update partition file includes a plurality of entries and a plurality of encrypted elements,

each entry within said plurality of entries includes information to be stored at a different location within said protected file partition,

each encrypted element within said plurality of encrypted elements is associated with an entry in said plurality of entries,

said method additionally comprises, following determining that said update partition file is stored within said computing system for updating said protected partition, verifying whether each entry in said plurality of entries within said update partition file has been generated by a trusted server system, and

each entry in said plurality of entries within said update partition is written to said protected partition only following verification that said entry has been generated by a trusted server system.

8. (original): The method of claim 7, wherein verifying that said entry has been generated by said trusted server system includes:

forming a first message digest by applying a hash algorithm to said entry;

forming a second message digest by signing said encrypted element associated with said entry using a public key of said trusted server system; and

determining that said first and second message digests are identical.

9. (original): The method of claim 7, wherein

a setup password is stored in non-volatile storage within said computing system,

verifying that said entry has been generated by said trusted server system includes signing said encrypted element associated with said entry with a public key of said trusted server system, and said encrypted element of said update partition file has been prepared by signing, with said private key of said trusted server system, a result of the application of an algorithm to data including a version of said setup password accessed by said trusted server system.

10. (original): The method of claim 9, wherein

said data includes said version of said setup password appended to a said entry,

said algorithm is a hash algorithm generating a message digest, and

verifying that said entry has been generated by said trusted server system includes applying said hash algorithm to said setup password stored within said computing system appended said entry to generate a first version of a message digest and comparing said first version of said message digest with a second version of said message digest obtained by signing said encrypted element.

11. (original): The method of claim 7, wherein

information stored in said protected partition is compared to each entry in said plurality of entries within said update partition,

when a matching portion of said information stored in said protected partition is found to be similar to said entry, said matching portion is overwritten with said entry if space around said matching portion is sufficient, and

when a matching portion of said information stored in said protected partition is not found to be similar to said entry, said entry is appended to said information stored in said protected partition if space within said protected partition is sufficient.

12. (original): The method of claim 1, wherein

said method additionally comprises receiving an input signal from a keyboard of said computing system and comparing said input signal with a signal corresponding to a setup password stored in non-volatile storage within said computing system, and

said protected partition is left unlocked if said input signal matches said signal corresponding to said setup password.

13. (currently amended): A method for updating a protected partition within a hard drive of a client computing system, wherein said method comprises:

generating an update partition file within a server;

transferring said update partition file from said server to said client computing system;

storing said update partition file in non-volatile storage within said client computing system;

starting execution of an initialization program in a processor within said client computing system in response to turning on electrical power within said client computing system;

determining that said update partition file is stored in non-volatile storage within said client computing system;

comparing information stored in said protected partition with information within said update partition file;

when a matching portion of said information stored in said protected partition is found to be similar to a portion of said information stored within said update partition file, overwriting said matching portion with said portion of said information stored in said protected partition if space around said matching portion is sufficient;

when a matching portion of said information stored in said protected partition is not found to be similar to a portion of said information stored within said update partition file, writing said portion of said information stored within said update partition file to appended append to said information stored in said protected partition if space within said protected partition is sufficient; and

locking said protected partition to prevent further modification of information stored within said protected partition.

09/841,503



14. (original): The method of claim 13, wherein said update partition file is transferred from said server to said client computing system by means of electrical signals transmitted through a public switched telephone network.

15. (original): The method of claim 13, wherein said update partition file is transferred from said server to said client computing system by means of electrical signals transmitted over a local area network.

16. (original): The method of claim 13, wherein transferring said update partition file from said server to said client computing system includes:

writing said update partition file to a removable computer readable medium from said server;

transporting said removable computer readable medium from said server to said client computing system; and

reading said update partition file from said removable computer readable medium into said client computing system.

17. (previously presented): The method of claim 13, wherein

a flag bit is set in non-volatile storage within said client computing system when said update partition file is stored at a predetermined location in non-volatile storage within said client computing system, and

determining that said update partition file is stored in non-volatile storage within said client computing system includes determining that said flag bit is set.

18. (original): The method of claim 13, wherein

said method additionally comprises, following a determination that said update partition file is stored within said client computing system for updating said protected partition, verifying within said client computer system that said update partition file has been generated by said server, and

said portion of said update partition is written to said protected partition only following verification that said update partition file has been generated by said server.

19. (original): The method of claim 18, wherein:

generating said update partition file within said server includes forming a first message digest by applying a hash algorithm to a portion of said update partition file, signing said first message digest with a private key of said server to form a digital signature, and appending said digital signature to data within said update partition file; and

verifying within said client computing system that said update partition file has been generated by said server includes forming a second message digest by applying a hash algorithm to a portion of said update partition file, forming a third message digest by signing said digital signature within said update partition file using a public key of said server, and determining that said second and third message digests are identical.

20. (currently amended): The method of claim 18, wherein:

a setup password is stored in non-volatile storage within said client computing system when a configuration of said client computing system is set;

a copy of said setup password is stored in a database accessible to said server when said configuration of said client computing system is set;

generating said update partition file within said server includes forming an encrypted portion of said update partition file by signing a result of the application of an algorithm to data including said copy of said setup password; and

verifying within said client computing system that said update partition file has been generated by said server includes signing said encrypted portion of said update partition file with a public key of said server.

21. (original): The method of claim 20, wherein

said data includes said version of said setup password appended to a portion of said update partition file, said algorithm is a hash algorithm generating a message digest, and

verifying within said client computing system that said update partition file has been generated by said trusted server includes applying said hash algorithm to said setup password stored within said client computing system appended to a portion of said update partition file to generate a first version of a message digest and comparing said first version of said message digest with a second version of said message digest obtained by signing said encrypted portion of said update partition file with said public key of said server.

22. (previously presented): The method of claim 13, wherein

said update partition file includes a plurality of entries and a plurality of encrypted elements,

each entry within said plurality of entries includes information to be stored at a different location within said protected file partition,

each encrypted element within said plurality of encrypted elements is associated with an entry in said plurality of entries,

said method additionally comprises, following a determination that said update partition file is stored within said client computing system for updating said protected partition, verifying within said client computing system whether each entry in said plurality of entries within said update partition file has been generated by a server, and

each entry in said plurality of entries within said update partition is written to said protected partition only following verification that said entry has been generated by said server.






23. (original): The method of claim 22, wherein

each said encrypted element is formed in said server by applying a hash algorithm to said entry, forming a first message digest, and by signing said first message digest with a private key of said server; and

verification that said entry has been generated by said server includes forming a second message digest by applying a hash algorithm to said entry, forming a third message digest by signing said encrypted element associated with said entry using a public key of said server, and determining that said second and third message digests are identical.

24. (currently amended): The method of claim 22, wherein

a setup password is stored in non-volatile storage within said client computing system when a configuration of said client computing system is set;

a copy of said setup password is stored in a database accessed by said server when said configuration of said client computing system is set;

said encrypted element of said update partition file is prepared in said server by signing, with a private key of said server, a result of the application of an algorithm to data including said copy of said setup password; and

verification within said client computing system that said entry has been generated by said server includes signing said encrypted element associated with said entry with said public key of said server.

25. (original): The method of claim 24, wherein

said data includes said version of said setup password appended to a said entry,

said algorithm is a hash algorithm generating a message digest, and

said verification that said entry has been generated by said server includes applying said hash algorithm to said setup password stored within said client computing system appended to said entry to generate a first version of a message digest and comparing said first version of said message digest with a second version of said message digest obtained by signing said encrypted element.

26. (currently amended): A computer system comprising:

a processor executing an initialization program in response to power being turned on in said computer program;

a hard drive having a protected partition blocked during execution of an initialization program to prevent changing information stored within said protected partition;

non-volatile storage storing an update partition data structure for modifying contents of said protected partition and said initialization program,

wherein said initialization program executing within said processor

determines that said update partition data structure is stored in said non-volatile storage,

compares information stored in said protected partition with information within said update partition file,

overwrites said matching portion with said portion of said formation information stored in said protected partition if space around said matching portion is sufficient when a matching portion of said information stored in said protected partition is found to be similar to a portion of said information stored within said update partition file,

writes said portion of said information stored within said update partition file to appended append to said information stored in said protected partition if space within said protected partition is sufficient when a matching portion of said information stored in said protected partition is not found to be similar to a portion of said information stored within said update partition file, and

locks said protected partition to prevent further modification of information stored within said protected partition.






27. (previously presented): The computer system of claim 26, wherein

a flag bit is set in non-volatile storage within said computing system when said update partition data structure is stored at a predetermined location in non-volatile storage within said computing system, and

said initialization program determines said update partition is stored within said computing system for updating said protected partition is performed by determining that said flag bit is set.

28. (original): The computer system of claim 26, wherein

after determining that said update partition data structure is stored within said computing system for updating said protected partition, said initialization program verifies whether said update partition data structure has been generated by a trusted server system, and

said portion of said update partition is written to said protected partition only following verification that said update partition data structure has been generated by a trusted server system.

29. (previously presented): The computer system of claim 28, wherein

said update partition data structure includes a plurality of entries and a plurality of encrypted elements,

each entry within said plurality of entries includes information to be stored at a different location within said protected file partition,

each encrypted element within said plurality of encrypted elements is associated with an entry in said plurality of entries, and

said initialization program uses each said encrypted element to determine that an entry associated with said encrypted element has been generated by said trusted server system.

30. (currently amended): The computer system of claim 29, wherein

said non-volatile storage additionally stores a setup password stored when a configuration of said computer system is set, and

each said encrypted element includes a copy of said setup password and a digital signature signed by said trusted server system, wherein said digital signature is formed by applying a hash algorithm to an entry associated with said encrypted element to form a message digest and by signing said message digest with a private key of said trusted server system.

31-36 (canceled) 
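
The per-entry check of claims 7 to 10 and 22 to 25, followed by the overwrite-or-append step of claim 11 and the final lock, sketched as an added example that is not part of the filing. SHA-256, the textbook-RSA toy key, the record model of the partition (with "similar" taken to mean same record name) and every identifier are assumptions chosen for illustration.

```python
import hashlib

# Constructed toy key pair standing in for the trusted server: two Mersenne
# primes, textbook RSA without padding. For illustration only, not a secure key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # server private exponent (Python 3.8+)

def digest(entry: bytes, setup_password: bytes) -> int:
    """Hash of the setup password appended to the entry (SHA-256 assumed)."""
    return int.from_bytes(hashlib.sha256(entry + setup_password).digest(), "big")

def server_sign(entry: bytes, password_copy: bytes) -> int:
    """Server side: build the encrypted element from its copy of the password."""
    return pow(digest(entry, password_copy), D, N)

def client_verify(entry: bytes, element: int, stored_password: bytes) -> bool:
    """Client side: recomputed digest must equal the one recovered with the public key."""
    return digest(entry, stored_password) == pow(element, E, N)

class ProtectedPartition:
    """Hypothetical model: named records, a byte capacity and a lock flag."""
    def __init__(self, capacity: int):
        self.capacity, self.records, self.locked = capacity, {}, False

    def apply(self, name: str, data: bytes) -> str:
        if self.locked:
            raise PermissionError("protected partition is locked")
        used = sum(len(v) for v in self.records.values())
        if used - len(self.records.get(name, b"")) + len(data) > self.capacity:
            return "skipped: insufficient space"
        action = "overwritten" if name in self.records else "appended"
        self.records[name] = data
        return action

def entry_bytes(name: str, data: bytes) -> bytes:
    return name.encode() + b"\0" + data  # constructed entry encoding

def boot_update(partition, update_file, stored_password):
    """Initialization-time pass: verify each entry, write it, then lock."""
    results = []
    for name, data, element in update_file:
        if client_verify(entry_bytes(name, data), element, stored_password):
            results.append((name, partition.apply(name, data)))
        else:
            results.append((name, "rejected: not from trusted server"))
    partition.locked = True  # no further modification after the update pass
    return results

def demo():
    pw = b"setup-password-constructed"
    part = ProtectedPartition(capacity=64)
    part.records["diag.bin"] = b"old diagnostics v1"
    def signed(name, data, password=pw):
        return (name, data, server_sign(entry_bytes(name, data), password))
    update_file = [
        signed("diag.bin", b"new diagnostics v2"),        # similar record exists
        signed("recovery.bin", b"recovery image"),        # no similar record
        ("forged.bin", b"unsigned data", 12345),          # element not from server
        signed("other.bin", b"data", password=b"wrong"),  # built for another machine
        signed("huge.bin", b"x" * 100),                   # verifies but does not fit
    ]
    return boot_update(part, update_file, pw), part

if __name__ == "__main__":
    for name, outcome in demo()[0]:
        print(f"{name}: {outcome}")
```

Binding the digest to the setup password means an entry signed for a machine with a different password fails verification even though the server's signature over it is genuine.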